Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-08 | 4 | -310/+0 | |
| | ||||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-08 | 3 | -158/+0 | |
| | ||||||
* | Revert "Bjorncs/http utils" | Håkon Hallingstad | 2019-04-08 | 3 | -0/+158 | |
| | ||||||
* | Remove VespaHttpClientBuilder from security-utils | Bjørn Christian Seime | 2019-04-05 | 3 | -158/+0 | |
| | ||||||
* | Revert "Remove TlsAwareHttpClientBuilder" | Bjørn Christian Seime | 2019-04-05 | 4 | -0/+310 | |
| | | | | This reverts commit e962344ba28b9f84028a129a24c92b40fdc076b8. | |||||
* | Apache httpclient must be included in compile scope | Bjørn Christian Seime | 2019-04-04 | 1 | -6/+10 | |
| | | | | | | The apache http libraries are not osgi bundles. Including them as provided scope does not work as the required import-package statements are not added to the jar manifest. | |||||
* | Export package 'com.yahoo.security.tls.https' | Bjørn Christian Seime | 2019-04-04 | 1 | -0/+8 | |
| | ||||||
* | Use URIBuilder | Bjørn Christian Seime | 2019-04-03 | 1 | -1/+2 | |
| | ||||||
* | Remove TlsAwareHttpClientBuilder | Bjørn Christian Seime | 2019-04-03 | 5 | -318/+0 | |
| | ||||||
* | Add VespaHttpClientBuilder based on apache httpclient | Bjørn Christian Seime | 2019-04-03 | 3 | -0/+153 | |
| | ||||||
* | Stop reload task when there are no external references to the managers | Bjørn Christian Seime | 2019-03-01 | 2 | -18/+126 | |
| | | | | | The reload task will shut down the executor service when the GC has determined that there are no other references to the key/trust manager. | |||||
* | Add utility method to construct http client | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+9 | |
| | ||||||
* | Add withCertificateEntries() to KeyStoreBuilder | Bjørn Christian Seime | 2019-02-25 | 4 | -19/+17 | |
| | ||||||
* | Add utility method to construct tls context | Bjørn Christian Seime | 2019-02-25 | 1 | -0/+5 | |
| | ||||||
* | Add constructor without tls context parameter | Bjørn Christian Seime | 2019-02-25 | 1 | -3/+7 | |
| | ||||||
* | User agent must be specified | Bjørn Christian Seime | 2019-02-25 | 1 | -4/+0 | |
| | ||||||
* | Merge pull request #8572 from vespa-engine/bjorncs/jdisc-mixed-mode | Bjørn Christian Seime | 2019-02-25 | 4 | -29/+42 | |
|\ | | | | | Bjorncs/jdisc mixed mode | |||||
| * | Override default hostname verification in PeerAuthorizerTrustManager | Bjørn Christian Seime | 2019-02-22 | 4 | -29/+42 | |
| | | | | | | | | | | Ensure that the default hostname verification is not applied for the Vespa TLS certificates. Use the custom trust manager even when no authorized peers rules are present. | |||||
* | | Introduce http client that follows Vespa TLS config | Bjørn Christian Seime | 2019-02-21 | 4 | -0/+309 | |
|/ | ||||||
* | Stop using Bouncycastle for PKCS12 keystore | Bjørn Christian Seime | 2019-02-20 | 1 | -1/+1 | |
| | ||||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-19 | 2 | -2/+2 | |
| | ||||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-19 | 3 | -49/+147 | |
| | | | | | | | | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove constructor DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protcols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | |||||
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-19 | 3 | -59/+37 | |
| | | | | | | | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | |||||
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-19 | 1 | -0/+1 | |
| | ||||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+129 | |
| | | | | Add a x509 trust manager where certificates can be updated while the manager is in use. | |||||
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-19 | 3 | -0/+239 | |
| | ||||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+171 | |
| | | | | | Add a x509 key manager where certificates can be updated while the manager is in use. | |||||
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-19 | 2 | -0/+99 | |
| | ||||||
* | Revert "Bjorncs/jdisc mixed mode preparations" | Arnstein Ressem | 2019-02-18 | 15 | -822/+107 | |
| | ||||||
* | Fix spelling errors | Bjørn Christian Seime | 2019-02-18 | 2 | -2/+2 | |
| | ||||||
* | Misc changes to TlsContext and its implementations | Bjørn Christian Seime | 2019-02-14 | 3 | -49/+147 | |
| | | | | | | | | - Add methods to retrieve underlying SSLContext and SSLParameters - Add createSslEngine() overload with peer host and port - Remove constructor DefaultTlsContext constructor taking path to config file. - Resolve valid ciphers and protcols in constructor. - Use mutual x509 key/trust manager in ReloadingTlsContext | |||||
* | Add withKeyManagerFactory() to specify custom key manager | Bjørn Christian Seime | 2019-02-14 | 3 | -59/+37 | |
| | | | | | | | - Introduce an interface for key manager factory. - Change SslContextBuilder to call trust/key manager factory even when no truststore/keystore has been specified. - Change trust manager factory to be specific for x509. - Use TrustManagerUtils/KeyManagerUtil to construct default managers. | |||||
* | Require client auth for ssl engines constructed by DefaultTlsContext | Bjørn Christian Seime | 2019-02-14 | 1 | -0/+1 | |
| | ||||||
* | Add mutable x509 trust manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+129 | |
| | | | | Add a x509 trust manager where certificates can be updated while the manager is in use. | |||||
* | Add x509 key manager that regularly updates cert chain from PEM files | Bjørn Christian Seime | 2019-02-14 | 3 | -0/+239 | |
| | ||||||
* | Add mutable x509 key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+171 | |
| | | | | | Add a x509 key manager where certificates can be updated while the manager is in use. | |||||
* | Add utility classes for constructing default x509 trust/key manager | Bjørn Christian Seime | 2019-02-14 | 2 | -0/+99 | |
| | ||||||
* | Fix typo | Bjørn Christian Seime | 2019-02-01 | 1 | -1/+1 | |
| | ||||||
* | Remove throw declaration of unused exception | Bjørn Christian Seime | 2019-02-01 | 1 | -2/+1 | |
| | ||||||
* | Restrict enabled protocols | Bjørn Christian Seime | 2019-02-01 | 2 | -1/+21 | |
| | ||||||
* | Nonfunctional changes only | Jon Bratseth | 2019-01-31 | 2 | -0/+2 | |
| | ||||||
* | Use 'prime256v1' curve for EC keys | Bjørn Christian Seime | 2019-01-23 | 3 | -7/+18 | |
| | | | | | This allows the TLS test in jrt to use elliptic curves crypto in unit tests (fixes issue where JSSE cannot find matching cipher). | |||||
* | Allow configuration of accepted ciphers | Bjørn Christian Seime | 2019-01-23 | 8 | -12/+49 | |
| | ||||||
* | Add TLSv1.3 cipher suites to whitelist | Bjørn Christian Seime | 2019-01-23 | 1 | -1/+4 | |
| | ||||||
* | Fix accidental import of java.sql.Date | Bjørn Christian Seime | 2019-01-21 | 1 | -1/+1 | |
| | ||||||
* | 6-SNAPSHOT -> 7-SNAPSHOT. | Arnstein Ressem | 2019-01-21 | 1 | -2/+2 | |
| | ||||||
* | Revert "Bratseth/disallow dash " | Jon Bratseth | 2019-01-16 | 2 | -2/+0 | |
| | ||||||
* | Change access modifier to 'public' for 'fromConfigValue()' | Bjørn Christian Seime | 2019-01-15 | 2 | -2/+2 | |
| | ||||||
* | Return default values when env vars are not present | Bjørn Christian Seime | 2019-01-15 | 1 | -10/+6 | |
| | ||||||
* | Define default value for tls authorization mode | Bjørn Christian Seime | 2019-01-15 | 1 | -0/+8 | |
| |